TALLAHASSEE, Fla.—Attorney General Pam Bondi today confirmed that her office issued a subpoena to ride sharing company Uber as part of an investigation into Uber’s alleged cover up of a data breach that occurred more than a year ago. According to the company, millions of Uber drivers nationwide may have had personal information accessed as a result of the breach. There are at least 32,000 Uber drivers in Florida who may have been affected.

Instead of reporting the breach to the Florida Attorney General’s Office within the 30 days required by the Florida Information Protection Act, Uber reportedly paid a ransom and then concealed the hack by entering into a nondisclosure agreement with the hackers.

“Uber’s delay to provide timely notice to affected individuals is inexcusable,” said Attorney General Bondi. “I have always been a strong advocate for Uber’s innovative technology, but if these revelations prove true, I am disgusted by this cover up and Uber will be held accountable.”

In order to better protect consumers from data breaches, Attorney General Bondi worked with the Legislature in 2014 on the Florida Information Protection Act. This legislation requires businesses and governmental entities to timely provide notice regardingdata breaches to consumers and otherwise take certain measures to protect consumers’ personal information.